github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-23 18:21:27 +00:00
Code Issues Projects Releases Wiki Activity

doc: Update ccv0.sh to reflect changes

Browse Source 
- Update prefix
- Add new requirement environment variables
- Use new ci scripts

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman 2023-05-25 20:09:36 +01:00
parent 0032b8bfbf
commit 38e7c2be62
1 changed files with 18 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
docs/how-to/ccv0.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash -e #!/bin/bash -e
# #
# Copyright (c) 2021, 2022 IBM Corporation # Copyright (c) 2021, 2023 IBM Corporation
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -24,6 +24,10 @@ export KATA_HYPERVISOR="${KATA_HYPERVISOR:-qemu}"
export KUBERNETES=${KUBERNETES:-"no"} export KUBERNETES=${KUBERNETES:-"no"}
export AGENT_INIT="${AGENT_INIT:-${TEST_INITRD:-no}}" export AGENT_INIT="${AGENT_INIT:-${TEST_INITRD:-no}}"
export AA_KBC="${AA_KBC:-offline_fs_kbc}" export AA_KBC="${AA_KBC:-offline_fs_kbc}"
export KATA_BUILD_CC=${KATA_BUILD_CC:-"yes"}
export TEE_TYPE=${TEE_TYPE:-}
export PREFIX="${PREFIX:-/opt/confidential-containers}"
export RUNTIME_CONFIG_PATH="${RUNTIME_CONFIG_PATH:-${PREFIX}/share/defaults/kata-containers/configuration.toml}"
# Allow the user to overwrite the default repo and branch names if they want to build from a fork # Allow the user to overwrite the default repo and branch names if they want to build from a fork
export katacontainers_repo="${katacontainers_repo:-github.com/kata-containers/kata-containers}" export katacontainers_repo="${katacontainers_repo:-github.com/kata-containers/kata-containers}"
@ -66,8 +70,6 @@ fi
[ -d "${BATS_TEST_DIRNAME}" ] && source "${BATS_TEST_DIRNAME}/../../confidential/lib.sh" [ -d "${BATS_TEST_DIRNAME}" ] && source "${BATS_TEST_DIRNAME}/../../confidential/lib.sh"
export RUNTIME_CONFIG_PATH=/etc/kata-containers/configuration.toml
usage() { usage() {
exit_code="$1" exit_code="$1"
cat <<EOF cat <<EOF
@ -210,13 +212,14 @@ checkout_kata_containers_repo() {
} }
build_and_install_kata_runtime() { build_and_install_kata_runtime() {
pushd ${katacontainers_repo_dir}/src/runtime export DEFAULT_HYPERVISOR=${KATA_HYPERVISOR}
make clean && make DEFAULT_HYPERVISOR=${KATA_HYPERVISOR} && sudo -E PATH=$PATH make DEFAULT_HYPERVISOR=${KATA_HYPERVISOR} install ${tests_repo_dir}/.ci/install_runtime.sh
popd
} }
configure() { configure() {
configure_kata_to_use_rootfs # configure kata to use rootfs, not initrd
sudo sed -i 's/^\(initrd =.*\)/# \1/g' ${RUNTIME_CONFIG_PATH}
enable_full_debug enable_full_debug
enable_agent_console enable_agent_console
@ -226,12 +229,9 @@ configure() {
configure_cc_containerd configure_cc_containerd
# From crictl v1.24.1 the default timoout leads to the pod creation failing, so update it # From crictl v1.24.1 the default timoout leads to the pod creation failing, so update it
sudo crictl config --set timeout=10 sudo crictl config --set timeout=10
}
configure_kata_to_use_rootfs() { # Verity checks aren't working locally, as we aren't re-genning the hash maybe? so remove it from the kernel parameters
sudo mkdir -p /etc/kata-containers/ remove_kernel_param "cc_rootfs_verity.scheme"
sudo install -o root -g root -m 0640 /usr/share/defaults/kata-containers/configuration.toml /etc/kata-containers
sudo sed -i 's/^\(initrd =.*\)/# \1/g' ${RUNTIME_CONFIG_PATH}
} }
build_and_add_agent_to_rootfs() { build_and_add_agent_to_rootfs() {
@ -306,20 +306,15 @@ install_rootfs_image() {
local commit=$(git log --format=%h -1 HEAD) local commit=$(git log --format=%h -1 HEAD)
local date=$(date +%Y-%m-%d-%T.%N%z) local date=$(date +%Y-%m-%d-%T.%N%z)
local image="kata-containers-${date}-${commit}" local image="kata-containers-${date}-${commit}"
sudo install -o root -g root -m 0640 -D kata-containers.img "/usr/share/kata-containers/${image}" sudo install -o root -g root -m 0640 -D kata-containers.img "${PREFIX}/share/kata-containers/${image}"
(cd /usr/share/kata-containers && sudo ln -sf "$image" kata-containers.img) (cd ${PREFIX}/share/kata-containers && sudo ln -sf "$image" kata-containers.img)
echo "Built Rootfs from ${ROOTFS_DIR} to /usr/share/kata-containers/${image}" echo "Built Rootfs from ${ROOTFS_DIR} to ${PREFIX}/share/kata-containers/${image}"
ls -al /usr/share/kata-containers/ ls -al ${PREFIX}/share/kata-containers
popd popd
} }
install_guest_kernel_image() { install_guest_kernel_image() {
pushd ${katacontainers_repo_dir}/tools/packaging/kernel ${tests_repo_dir}/.ci/install_kata_kernel.sh
sudo -E PATH=$PATH ./build-kernel.sh setup
sudo -E PATH=$PATH ./build-kernel.sh build
sudo chmod u+wrx /usr/share/kata-containers/ # Give user permission to install kernel
sudo -E PATH=$PATH ./build-kernel.sh install
popd
} }
build_qemu() { build_qemu() {
@ -428,7 +423,7 @@ crictl_delete_cc() {
test_kata_runtime() { test_kata_runtime() {
echo "Running ctr with the kata runtime..." echo "Running ctr with the kata runtime..."
local test_image="quay.io/kata-containers/confidential-containers:signed" local test_image="quay.io/kata-containers/confidential-containers:signed"
if [ -z $(ctr images ls -q name=="${test_image}") ]; then if [ -z $(sudo ctr images ls -q name=="${test_image}") ]; then
sudo ctr image pull "${test_image}" sudo ctr image pull "${test_image}"
fi fi
sudo ctr run --runtime "io.containerd.kata.v2" --rm -t "${test_image}" test-kata uname -a sudo ctr run --runtime "io.containerd.kata.v2" --rm -t "${test_image}" test-kata uname -a